"restrict" Is the allow.
[https://learn.microsoft.com/en-us/graph/auth-limit-mailbox-access](https://learn.microsoft.com/en-us/graph/auth-limit-mailbox-access)
Example:
New-ApplicationAccessPolicy -AccessRight RestrictAccess -AppId "e7e4dbfc-046f-4074-9b3b-2ae8f144f59b" -PolicyScopeGroupId EvenUsers@AppPolicyTest2.com -Description "Restrict this app's access to members of security group EvenUsers."
This would allow and restrict the app to just that group ( For a shared mailbox , you may need to add it to a security enabled group and scope to that group)
https://learn.microsoft.com/en-us/graph/auth-limit-mailbox-access